General
-
Target
6c70cd596a37b0ea2b0736f42e9c1536e4c1dc367e03c162a390c599cbaa752a
-
Size
1.1MB
-
Sample
230420-c7hn2ahb2z
-
MD5
267064531f662c5ca43e1f4dfb7ffec3
-
SHA1
63011711900246bf7d7e8c73f6feba78edd056d4
-
SHA256
6c70cd596a37b0ea2b0736f42e9c1536e4c1dc367e03c162a390c599cbaa752a
-
SHA512
d61b446487113edbf804581b42691fc8bacb3289131178d71e28b1694cdb402f0a6ae118df4ae87bfc36f4efa89f5f03502ea5be8d99748c97fb8080625842e4
-
SSDEEP
12288:Py9034MJsL3fAzqR8pOJLV9WBULBMwAynRC55+jSpiqB0T9aeYl7PTSeeW+VIzUB:Py4GIzdkxVEcB7nw7+j+cwheWaemHV
Static task
static1
Behavioral task
behavioral1
Sample
6c70cd596a37b0ea2b0736f42e9c1536e4c1dc367e03c162a390c599cbaa752a.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Targets
-
-
Target
6c70cd596a37b0ea2b0736f42e9c1536e4c1dc367e03c162a390c599cbaa752a
-
Size
1.1MB
-
MD5
267064531f662c5ca43e1f4dfb7ffec3
-
SHA1
63011711900246bf7d7e8c73f6feba78edd056d4
-
SHA256
6c70cd596a37b0ea2b0736f42e9c1536e4c1dc367e03c162a390c599cbaa752a
-
SHA512
d61b446487113edbf804581b42691fc8bacb3289131178d71e28b1694cdb402f0a6ae118df4ae87bfc36f4efa89f5f03502ea5be8d99748c97fb8080625842e4
-
SSDEEP
12288:Py9034MJsL3fAzqR8pOJLV9WBULBMwAynRC55+jSpiqB0T9aeYl7PTSeeW+VIzUB:Py4GIzdkxVEcB7nw7+j+cwheWaemHV
-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-